package com.shirotest.shiro;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * 自定义权限过滤器
 */
public class MyRolesAuthorizationFilter extends AuthorizationFilter {
	/**
	 * 当某个资源配置多个角色时，只要有一个角色符合就允许通过
	 */
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)throws Exception {
		Subject subject = getSubject(request, response);
		String[] roles = (String[])mappedValue;
		if(roles == null || roles.length == 0) {
			return false;
		}
		
		for(String role : roles) {
			if(subject.hasRole(role)) {
				return true;
			}
		}
		return false;
	}

}
